On Sun, Nov 29, 2020 at 12:00:29AM +0100, Martijn van Duren wrote:
> On Sat, 2020-11-28 at 23:08 +0100, Theo Buehler wrote:
> > > "If the certificate name is an absolute path, a .crt and .key
> > > extension are appended to form the certificate path and key path
> > > respectively."
> > > This part does not seem to work at all.
> > > Neither it tries to search certificates using the absolute path nor
> > > it tries to append .crt or .key extension to the absolute path when no
> > > extension is used in config.
> > >
> > > Or I do it completely wrong?
> >
> > It's a bug. If the certificate path is absolute, faulty short-circuiting
> > logic would result in first correctly appending ".crt" to the path, then
> > incorrectly prepending "/etc/ldap/cert".
> >
> > You can see the problem with a config containing
> >
> > listen on lo0 port 6636 tls certificate "/bogus/lo0"
> >
> > $ ldapd -vv -f ldapd.conf -n
> > ...
> > loading certificate file /etc/ldap/certs//bogus/lo0.crt
> > ldapd.conf:5: cannot load certificate: /bogus/lo0
> > ...
> >
> > The diff below avoids calling bsnprintf() twice for an absolute
> > certificate path.
> >
>
> Wouldn't it be more future idiot proof if we were a little more verbose?
> But if you prefer, your diff also looks good to me.

I have no strong preference either way (I would probably use yours if it were my code). Feel free to go ahead with your diff and my ok after giving jmatthew a bit of time to respond.